<?php
	
	require('../Model/mysql.php');
	require('../host_config.php');
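	// Comment-submission endpoint: stores one comment for a shop and folds the
	// submitted rank into that shop's aggregate rating.
	$mysql = new MySQL();
	$link = $mysql->connect($mysql_host, $mysql_user, $mysql_passwd, $mysql_db);

	// NOTE(review): the only gate visible here is "all four POST fields are present".
	// No session/authentication check or CSRF token is verified in this file, so any
	// client able to reach the URL can submit comments and move a shop's rating.
	// Confirm whether that is enforced elsewhere before relying on it.
	$has_all_fields = isset($_POST['shopid'], $_POST['nickname'], $_POST['comments'], $_POST['rank']);

	// Reject array-valued parameters (e.g. rank[]=1) and non-numeric ranks before
	// they reach the escaping helper or the arithmetic in the UPDATE below.
	$well_formed = $has_all_fields
		&& is_string($_POST['shopid'])
		&& is_string($_POST['nickname'])
		&& is_string($_POST['comments'])
		&& is_numeric($_POST['rank']);

	if (!$has_all_fields) {
		// The redirect header must be sent before any output; the original emitted
		// the <script> first, which makes header() fail once output has started.
		header("location:../login.php");
		// Fallback body for clients that do not follow the redirect.
		echo "<script language='javascript'>";
		echo "alert('You have no permission to read this page!');";
		echo "history.back();";
		echo "</script>";
		exit;
	} elseif (!$well_formed) {
		echo "Error";
	} else {
		// NOTE(review): real() is defined in ../Model/mysql.php and is presumably an
		// escaping wrapper - confirm. Every value is also kept inside quotes in the
		// SQL text because escaping alone does not protect an unquoted value.
		// Prepared statements would be the stronger fix if the wrapper supports them.
		$shopid = $mysql->real($_POST['shopid']);
		$nickname = $mysql->real($_POST['nickname']);
		$comments = $mysql->real($_POST['comments']);
		$rank = $mysql->real($_POST['rank']);

		// nickname and comments are stored exactly as submitted, so whatever page
		// renders them must HTML-encode on output.
		// NOTE(review): rank is checked for being numeric only; there is no range
		// check here - confirm the valid rating scale and enforce it.
		// NOTE(review): the INSERT has no column list, so it depends on the column
		// order of `Comment`.
		$sql = "INSERT INTO `Comment` VALUES (NULL, '$shopid', '$nickname', '$comments', '$rank')";
		if ($mysql->query($sql, $link)) {
			echo "OK";

			// Single atomic UPDATE instead of SELECT + compute + UPDATE: two
			// concurrent submissions can no longer overwrite each other's result.
			// COALESCE keeps the original handling of NULL columns (treated as 0).
			// NOTE(review): (old + new) / 2 weights the newest rank at 50%; kept as
			// in the original - confirm whether a mean over commentnumber was intended.
			$sql = "UPDATE `Shops` SET `rank` = (COALESCE(`rank`, 0) + '$rank') / 2, `commentnumber` = COALESCE(`commentnumber`, 0) + 1 WHERE `shopid` = '$shopid'";
			if (!$mysql->query($sql, $link)) {
				// The comment is already stored; record the failure without
				// echoing request data into the log.
				error_log('Shops rating update failed after comment insert');
			}
		} else {
			echo "Error";
		}
	}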